US8892855B2 - Encryption keys distribution for conditional access software in TV receiver SOC - Google Patents

Publication number
US8892855B2
Authority
US
United States
Prior art keywords
key
recipient
key distribution
secure element
secure
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US13/205,578
Other versions
US20120198224A1 (en
Inventor
Maxime Leclercq
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Radioxio LLC
Original Assignee
MaxLinear Inc
Application filed by MaxLinear Inc
Priority to US13/205,578
Assigned to MAXLINEAR, INC. reassignment MAXLINEAR, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LECLERCQ, MAXIME
Publication of US20120198224A1
Application granted
Publication of US8892855B2
Assigned to JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT reassignment JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT SECURITY AGREEMENT Assignors: ENTROPIC COMMUNICATIONS, LLC (F/K/A ENTROPIC COMMUNICATIONS, INC.), EXAR CORPORATION, MAXLINEAR, INC.
Assigned to EXAR CORPORATION, MAXLINEAR, INC., ENTROPIC COMMUNICATIONS, LLC (F/K/A ENTROPIC COMMUNICATIONS, INC.) reassignment EXAR CORPORATION TERMINATION AND RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS Assignors: JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT
Assigned to MAXLINEAR, INC., ENTROPIC COMMUNICATIONS, LLC (F/K/A ENTROPIC COMMUNICATIONS, INC.), EXAR CORPORATION reassignment MAXLINEAR, INC. TERMINATION AND RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS Assignors: JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT
Assigned to RADIOXIO, LLC reassignment RADIOXIO, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MAXLINEAR, INC.
Assigned to MUFG UNION BANK, N.A. reassignment MUFG UNION BANK, N.A. SUCCESSION OF AGENCY (REEL 042453 / FRAME 0001) Assignors: JPMORGAN CHASE BANK, N.A.
Assigned to MAXLINEAR, INC., MAXLINEAR COMMUNICATIONS LLC, EXAR CORPORATION reassignment MAXLINEAR, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: MUFG UNION BANK, N.A.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H01L9/083
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • Embodiments of the present invention relate to the field of encryption key distribution. More particularly, embodiments of the present invention relate to a system, apparatus and method for securely distributing encryption keys for conditional access software in TV receiver systems.
  • Various contents such as movies, music, game software, sport events, and others are offered by service providers through a variety of wired and wireless communication networks. Some of these contents are encrypted so that they can be accessed or viewed by subscribers who are in possession of a corresponding decryption key. It is understandable that service providers will try to generate encryption keys and distribute the keys in a secure manner.
  • An encryption technique is the use of asymmetric key algorithms, where the key used to encrypt a widely distributed software component (e.g., firmware) is not the same as the key used to decrypt it.
  • Embodiments of the present invention relate to an encryption key distribution and may apply to conditional access systems for digital broadcast television.
  • DAB Digital Audio Broadcasting
  • ATSC Advanced Television Systems Committee
  • ISDB Integrated Services Digital Broadcasting
  • mobile TV standards which relate to the reception of TV on handheld devices such as mobile phones or the like.
  • DVB-H Digital Video Broadcasting-Handheld
  • CMMB China Multimedia Mobile Broadcasting
  • DMB Digital Multimedia Broadcasting
  • CA Conditional access
  • conditional access software runs on a dedicated secure element implementing robust mechanisms so as to prevent a malicious entity (“hacker”) from gaining access to the broadcast system secret to decipher the TV content.
  • the CA instruction code and keys provisioned by the CA provider adapted to ensure security are typically stored in the discrete secure element.
  • the communication link between the discrete secure element and the demodulator, if not protected, presents a vulnerable entry point for hackers to get access to the software or introduces malicious code to the TV system.
  • FIG. 1 is a block diagram of a conventional TV receiver 100 performing conditional access (CA) functions.
  • Receiver 100 includes a TV demodulator 110 coupled to a suitable antenna 105 for receiving broadcast content.
  • the broadcast content may be encrypted by a control word (CW).
  • Demodulator 110 is connected to a dedicated secure element 120 via a communication link 150 .
  • Communication link 150 can be a proprietary interface or a standard interface.
  • Secure element 120 may be provided by the service provider and controls access to a broadcast service by providing one or more control words to the demodulator via the communication link.
  • Secure element 120 may include a CPU coupled to a memory unit which may contain EEPROM and/or ROM. Secure element 120 may also hold service entitlement information controlled by the service provider.
  • the service provider may communicate with the secure element using encrypted messages that carry descrambling keys and other service management information.
  • Demodulator 110 receives the code word from the secure element and uses the code word to descramble the encrypted content.
  • the clear stream is then provided to a video and audio decoder 130 .
  • a display 140 coupled to the video and audio decoder displays the decoded video and audio data streams.
  • secure element 120 may be provided in several forms and in multiple packaging options.
  • the secure element may be a dedicated surface mount device mounted on the receiver, a SIM card (e.g., in the context of a mobile phone), a secure SD card, or a module.
  • an additional layer, typically a software layer, is used to encrypt messages between the secure element and the demodulator.
  • hackers or attackers may get access to this software layer through the communication link, and with it gain access to the code word. Therefore, the software layer must be protected.
  • the conventional secure element has a hardware structure that does not provide flexibility because it requires a dedicated module and a hardware connection to the demodulator. Furthermore, conventional techniques do not appear to address the concerns of service providers, CA operators, and content owners, namely, to provide security to the operation of their devices and the protection of their broadcast contents.
  • Embodiments of the present invention provide a system and method of generating and distributing encryption keys to authorized recipients.
  • the system includes a secured server that generates a unique pair of keys including a first key and a second key and a key distribution unit connected to the secured server for transmitting the first key to a first recipient and a second key to a second recipient.
  • the first recipient may use the first key to encipher (encrypt) a data file and send the encrypted data file via a non-volatile memory device to a target subscriber.
  • the second recipient may program the second key into a one-time-programmable register contained in a secure element during a manufacturing process.
  • the secure element may further include a random access memory configured to store an image (copy) of the encrypted data file, a read-only memory containing a boot code, and a processing unit coupled to the random-access memory and the read-only memory and operative to decipher (decrypt) the encrypted data file.
  • the first recipient may be a conditional access firmware provider.
  • the second recipient may be an original design manufacturer, an original equipment manufacturer, or a device manufacturer that makes the secure element and sends it to the target subscriber.
  • the secured server may be operated by a service or content provider.
  • Embodiments of the present invention also disclose a method for securely generating and distributing encryption keys.
  • the method includes generating, by a secured server, a pair of keys including a first key and a second key and providing, by a key distributing unit, the first key to a first recipient and a second key to a second recipient.
  • the first recipient may use the first key to encrypt a data file and send the encrypted data file via a non-volatile memory device to a target subscriber.
  • the second recipient may program the second key into a one-time-programmable register contained in a secure element during a manufacturing process.
  • the secure element may further include a random access memory configured to store an image of the encrypted data file, a read-only memory containing a boot code, and a processing unit coupled to the random-access memory and the read-only memory and operative to decrypt the encrypted data file by executing the boot code.
  • FIG. 1 is a block diagram of a conventional TV receiver 100 performing conditional access (CA) functions;
  • FIG. 2 is a simplified block diagram of a receiver system on a chip (SOC) according to an embodiment of the present invention
  • FIG. 3 is a simplified block diagram of a demodulator SOC having an integrated secure element according to an embodiment of the present invention
  • FIG. 4 is a block diagram of a TV demodulator SOC in communication with an external video and audio decoder and an external flash memory according to an embodiment of the present invention
  • FIG. 5 illustrates a demodulator SOC performing a firmware download operation from an external memory according to an embodiment of the present invention
  • FIG. 6 is a diagram illustrating an exemplary firmware run-time authentication using hardware facilities provided by the secure element according to an embodiment of the present invention
  • FIG. 7 is a block diagram illustrating a secure generation and distribution of asymmetric keys according to an embodiment of the present invention.
  • FIG. 8 is a flowchart diagram illustrating an example method of generating a pair of asymmetric keys and securely providing the keys to authorized recipients according to an embodiment of the present invention.
  • Conditional access is used by TV broadcasters to generate revenue.
  • security guidelines are used to protect the keys provisioned to the user and to guarantee that no hacker or malicious entity can crack the system and watch contents for free.
  • These guidelines, also referred to as security requirements, define methods adapted to prevent misuse of the SOC (system-on-chip) device and its associated firmware, and furthermore to inhibit unauthorized access to secrets, such as keys, operating modes, etc.
  • the SOC security framework described herein defines hardware (HW), software (SW), or a combination thereof (i.e., firmware) to achieve these objectives.
  • FIG. 2 is a simplified block diagram of a receiver system on a chip (SOC) 200 configured to perform tuning, demodulating, CA security, and the like, in accordance with an embodiment of the present invention.
  • Receiver system 200 includes a digital broadcast receiver 210 that may be capable of receiving signals in a number of different frequency bands of interest and/or in a number of different formats.
  • receiver system 200 may be capable of receiving any one or more of the standards mentioned above or other suitable standards.
  • receiver system 300 also includes a conditional access security (CAS) sub-system 250 .
  • Digital broadcast receiver 210 includes a tuner 212 that is connected to an antenna 211. Although an antenna is shown, tuner 212 may be connected to a number of antennas configured to suit different frequency bands of interest. The tuner frequency-translates received signals and provides them to a demodulator 214, which may demodulate the frequency-translated signals into multiple data streams (audio, video, text, and others). Receiver 210 also includes a descrambler 216 that descrambles the data streams (indicated as encrypted TS) and provides clear (i.e., descrambled) data streams (indicated as clear TS in FIG. 2) to a host via a host interface unit 218.
  • Receiver 210 further includes a control processor 220 and a memory unit 222 that contains software (program code) to enable a user to select a service and to program the tuner to a desired frequency.
  • memory 222 may include dynamic random memory and/or permanent memory such as read-only memory (ROM).
  • Receiver 210 also includes a control interface unit 224 that connects the broadcast receiver 210 with the conditional access security sub-system 250 .
  • control access is a protection of content required by content owners or service providers.
  • Conventional access approaches use dedicated surface mount devices such as Smartcard, SIM card, secure SD card or the like.
  • CA instruction code and keys provisioned by CA providers adapted to ensure security are typically stored in a non-volatile memory, such as an EEPROM or Flash, which are relatively expensive and cannot be easily and cost effectively integrated using standard CMOS fabrication processes.
  • a novel conditional access security (CAS) sub-system according to an embodiment of the present invention will be described in detail below.
  • CAS sub-system 250 includes a secure processor 252 coupled to a memory unit 254 .
  • the secure CPU may be a RISC CPU configured to process various processing operations.
  • CAS sub-system 250 may further include a crypto hardware 256 that, in an embodiment, includes suitable crypto logic, circuitry (e.g., hardware) for performing cryptographic operations.
  • crypto hardware 256 may be a crypto processor configured to perform cryptographic functions such as processing digital signatures, key management, identifying public keys and others due to the secure access requirements.
  • cryptographic hardware may generate a unique crypto ID (device identifier) for the receiver SOC 200 and a unique encryption key.
  • CAS sub-system also includes a fuse bank 260 .
  • fuse bank 260 may include electrically programmable fuses on the chip.
  • the fuse bank may contain an array of electrically programmable registers, each having a number of bits. The bits can be programmed during the manufacturing process or later by the service provider as the device is shipped to the user. In an embodiment, corresponding bits of the fuse bank are burned or blown according to the value of the unique device ID and a certificate key.
  • memory unit 254 may include random access memory and read-only memory. In contrast to conventional techniques, memory unit 254 does not include EEPROM and/or Flash memory, to facilitate the integration process and to minimize cost by using a conventional (i.e., standard) CMOS process.
  • receiver SOC 200 includes an external memory interface 268 configured to interface with an external memory device (not shown).
  • the external memory may be a flash memory containing firmware or software code and other associated information data that are required for the receiver SOC to perform the descrambling functions. Details of the firmware, software code and the associated information data will be described in detail in sections below.
  • the external memory interface 268 can include a SD memory card slot, a multimedia card (MMC), a micro SD card slot, a mini SDHC, a microSDHC, a Memory Stick slot, a PCMCIA interface, a USB interface, a serial or a parallel interface, and others.
  • the conditional access (CA) software code is stored in a random access memory (RAM).
  • the CA software is dynamically downloaded from an external non-volatile flash memory via the external memory interface 268 to the RAM during the power cycle of the security sub-system.
  • because the external flash storing the CA software is outside the security perimeter, it must first be authenticated and checked for any malicious alteration (such as a bypass of the security function that could be inserted by a hacker).
  • the secure sub-system implements a protocol to authenticate the firmware using a public key algorithm and digital certificate provisioned during manufacturing.
  • FIG. 3 is a block diagram of a demodulator SOC 300 including a demodulation logic 310 coupled to a remote memory device 480 (e.g., Flash memory) and an integrated secure element 350 according to an embodiment of the present invention.
  • Demodulation logic 310 may have a similar configuration of the receiver 210 shown in FIG. 2 .
  • demodulation logic 310 may include a demodulator, a descrambler, a control CPU, a memory unit that comprises RAM and/or ROM, a host interface, and a control interface unit; the functions of those elements have been described in detail in the sections above and won't be repeated herein for brevity.
  • the demodulator logic 310 may further include system-on-a-chip infrastructure such as registers, IO ports, and an external memory interface link 320, which may be similar to the external memory interface port 268 shown in FIG. 2 and described above.
  • remote or external Flash memory 380 may be coupled to the demodulator SOC 300 through the interface link 320 .
  • the coupling can be by means of a physical connection such as a SD card connector or a USB connector.
  • the coupling can be by means of an optical (e.g., infrared) or radio wave (e.g., Bluetooth, wireless LAN IEEE802.11, or the like) communication link.
  • integrated secure element 350 includes a secure CPU 352 , a boot read-only memory (ROM) 353 , a secure random access memory (RAM) 355 , multiple non-volatile memory registers (or one-time programmable fuse banks) 360 .
  • CPU 352 may include an adder and logic for executing arithmetic operations or comparative decisions.
  • the non-volatile memory registers are implemented using fuse cells that can be fabricated using standard CMOS processes.
  • the non-volatile memory registers are programmed (burned or blown) during the silicon manufacturing process to store information such as the device ID, the root public key, and others.
  • Integrated secure element 350 also includes a hardware accelerator 356 that can be one or more crypto processors as described above in association with crypto hardware 256 of FIG. 2 .
  • CA software code is stored in the secure RAM 355 according to an embodiment of the present invention.
  • CA software is understood as instructions, one or more sets of instructions, data files, firmware, or executable applications that are provided to the secure CPU 352 for execution.
  • CA software is dynamically downloaded from the remote (external) flash memory 380 to the RAM 355 (“RAM-ware”) during the power cycle of the integrated secure element 350 .
  • because CA software is downloaded from the external Flash memory, it must first be authenticated by the integrated secure element 350.
  • the secure element operates a protocol to authenticate the RAM-ware using a public key algorithm and a digital certificate (e.g., a unique device ID) that is provided during the manufacturing of the demodulator SOC.
  • the authentication process can be assisted and accelerated using hardware accelerator 356 .
  • CA software is received by the demodulator logic from the external memory and transferred to the secure RAM 355 via a demodulator interface circuit 366 .
  • embodiments of the present invention provide a RAM-ware architecture that can be updated securely and easily, e.g., by downloading firmware (i.e., software, program codes, data files) stored in external memories. Because the external memory containing the CA software is outside the security perimeter of the secure element, it must first be authenticated. In an embodiment, the downloaded CA software is authenticated by the secure element running boot authenticate programs from the boot ROM 353. Because the RAM-ware architecture does not require EEPROM and/or Flash memory, which require among other things a double poly process or a tunnel oxide process and expensive testing equipment and procedures, the RAM-based architecture of the present invention can be cost effectively produced using standard CMOS processes.
  • the integrated secure element produces an attribute based on a digital certificate contained in the received software (now RAM-ware because it is now stored in the secure RAM) and provides the attribute to the demodulator logic for descrambling the received data streams (not shown).
  • the attribute can be a secure bit pattern or a secure codeword to enable the descrambling process in the demodulator logic 310 .
  • the integrated secure element 350 is activated when the TV application is enabled by the user.
  • the demodulator logic causes the boot ROM to execute the boot instructions and activate the integrated secure element.
  • the conditional access (CA) firmware stored in the external flash memory is downloaded to the RAM disposed in the secure element, so that the CPU starts operating.
  • the remote Flash memory contains conditional access (CA) executable applications or data files that are dynamically loaded to the RAM 355 disposed in the integrated secure element.
  • the external memory contains a digital certificate that is generated by the CA vendor or the demodulator SOC device manufacturer and signed with the root private key or a derivative of the root key using public key infrastructure (PKI).
  • the digital certificate may be unique to each demodulator SOC device and contains a device identification (ID) code.
  • the same identification code may also be stored in one or more of the non-volatile registers 460 .
  • the non-volatile memory registers 360 may also store a digital signature of the CA software or CA firmware.
  • the boot ROM authenticates the CA firmware by means of the digital certificate.
  • the secure boot ROM may process the digital certificate as follows: (i) verify that the certificate is authentic and the certificate has been signed by a trusted delegate of the root key owner; (ii) verify that the certificate is intended for the given device by comparing the device ID stored in the secure element NVM (non-volatile memory) registers and the code stored in the certificate to ensure that they match; and (iii) authenticate the firmware by regenerating its signature with the root public key and comparing the result with the value stored in the certificate. Only when the above three steps are successful, the SW that has been downloaded to the secure element RAM is verified and considered to be trustworthy.
  • the SW code in the external memory may be encrypted. In this case, it is first deciphered by the boot ROM. The SW encryption key (or a derivative) is stored in the secure element NVM registers and used directly by the ROM code.
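The three boot ROM checks described above, as an added sketch that is not code from the patent or from any vendor. All names (`Fuses`, `Certificate`, `boot_rom_verify`, the status strings) are hypothetical, the key is a constructed toy textbook-RSA key standing in for the unspecified public-key algorithm, and the root key signs directly where the page allows a delegate or derivative key.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed toy RSA key built from two Mersenne primes so the example needs
# only the standard library. Far too weak for real use; the page does not name
# the public-key algorithm, so textbook RSA over SHA-256 is a stand-in.
_P, _Q = 2**127 - 1, 2**107 - 1
ROOT_N, ROOT_E = _P * _Q, 65537
_ROOT_D = pow(ROOT_E, -1, (_P - 1) * (_Q - 1))  # signer side only, never on the SOC


def digest_int(data: bytes, n: int) -> int:
    """SHA-256 of data, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes) -> int:
    """Signer side (CA vendor or SOC manufacturer): sign the digest of data."""
    return pow(digest_int(data, ROOT_N), _ROOT_D, ROOT_N)


@dataclass(frozen=True)
class Fuses:
    """Values burned into the NVM registers during manufacturing."""
    device_id: bytes
    root_n: int
    root_e: int


@dataclass(frozen=True)
class Certificate:
    """Per-device certificate stored beside the firmware in external flash."""
    device_id: bytes
    fw_signature: int    # signature over the firmware image
    cert_signature: int  # signature over device_id + fw_signature

    def body(self) -> bytes:
        return self.device_id + self.fw_signature.to_bytes(32, "big")


def issue_certificate(device_id: bytes, firmware: bytes) -> Certificate:
    """Signer side: bind one firmware image to one device ID."""
    fw_sig = sign(firmware)
    unsigned = Certificate(device_id, fw_sig, 0)
    return Certificate(device_id, fw_sig, sign(unsigned.body()))


def boot_rom_verify(fuses: Fuses, cert: Certificate, ram_image: bytes) -> str:
    """Run checks (i)-(iii) on the image already copied into secure RAM."""
    n, e = fuses.root_n, fuses.root_e

    # Untrusted flash content: reject out-of-range values before using them.
    for sig in (cert.fw_signature, cert.cert_signature):
        if not 0 <= sig < n:
            return "REJECT_MALFORMED"

    # (i) The certificate itself must verify under the fused root public key.
    if pow(cert.cert_signature, e, n) != digest_int(cert.body(), n):
        return "REJECT_CERT_SIGNATURE"

    # (ii) The certificate must be issued for this device.
    if not hmac.compare_digest(cert.device_id, fuses.device_id):
        return "REJECT_DEVICE_ID"

    # (iii) The RAM image must hash to the value the firmware signature covers.
    if pow(cert.fw_signature, e, n) != digest_int(ram_image, n):
        return "REJECT_FIRMWARE"

    return "TRUSTED"


if __name__ == "__main__":
    fw = b"constructed CA firmware image v1"          # constructed sample input
    fuses = Fuses(b"\x00\x11\x22\x33", ROOT_N, ROOT_E)  # constructed device ID
    cert = issue_certificate(fuses.device_id, fw)
    print(boot_rom_verify(fuses, cert, fw))
    print(boot_rom_verify(fuses, cert, fw.replace(b"v1", b"vX")))
```

Check (ii) is what stops a valid certificate and firmware pair copied from another unit's flash from being accepted, and check (iii) runs on the RAM copy rather than on flash so that the bytes verified are the bytes executed.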
  • FIG. 4 is a block diagram of a TV demodulator SOC 400 in communication with an external video and audio decoder 470 and a flash memory 480 according to an embodiment of the present invention.
  • the TV demodulator SOC includes a tuner and demodulator 410 coupled to an antenna 405 for receiving a desired modulated content that may be encrypted.
  • TV demodulator SOC 400 may include a demodulator CPU 420 for communicating with a user and for controlling the tuner demodulator.
  • Demodulator CPU 420 is coupled to a memory unit 430 that may contain static random access memory and read-only memory.
  • TV demodulator SOC 400 also includes a descrambler 440 that is configured to receive an encrypted data stream 412 from the tuner and demodulator 410 using an encryption key or a control word delivered from a secure element sub-system.
  • the secure element sub-system is integrated within the TV demodulator SOC.
  • the secure element sub-system includes a secure CPU 452 coupled to a read-only memory ROM 456 and a secure random access memory RAM 456 .
  • TV demodulator SOC does not include flash memory or EEPROM, so that TV demodulator SOC can be fabricated using cost effective standard CMOS processes that do not require special floating gate processes and associated testing steps.
  • TV demodulator SOC receives a firmware image (i.e., data representative or a copy of the firmware disposed in an external device; firmware and firmware image will be used alternatively hereinafter) from external flash memory 480 via a memory interface port 420.
  • the firmware download can be, for example, initiated by the demodulator CPU 420 and stored in the secure RAM 456 .
  • the secure element sub-system will execute the firmware image to produce a control word or encryption key for the descrambler to decipher the encrypted data stream.
  • the control word is transmitted to the descrambler through a physical link 442 that must be protected from hacking. Details of the firmware download from the external flash memory, the authentication process and the protection of the control word through obfuscation will be described in more detail below.
  • the descrambler deciphers the encrypted data stream and produces a clear data stream to a video and audio decoder 470 that is coupled to a display unit 475 for reproducing the video and audio content.
  • FIG. 5 illustrates a demodulator SOC 500 performing a firmware download operation from an external memory according to an embodiment of the present invention.
  • Demodulator SOC 500 comprises a demodulator logic 510 and an integrated secure element 550 .
  • Demodulator logic 510 may include a tuner, a demodulator, a descrambler, control CPU, a memory unit, a host interface as shown in FIG. 2 .
  • the demodulator logic may include SOC infrastructure having one or more IO ports, a memory interface unit, and others.
  • the SOC infrastructure may include an interface unit 512 such as a USB, a peripheral computer interface (PCI), a SD (secure digital) interface, or a communication link for interfacing with an off-chip non-volatile memory 580 .
  • interface unit 512 may establish a connection to the remote memory via a short distance physical connection by means of a USB connector, an SD connector, or the like.
  • the interface unit 512 may be coupled to the remote NVM memory 580 via a local area network, a personal area network (Bluetooth) or a wireless area network according to the IEEE802.11 standard or the like (the local, personal, or wireless area network is indicated as a cloud 570).
  • the integrated secure element includes a secure CPU 552 that together with a boot ROM 554 initiates the integrated secure element at power up.
  • the secure element further includes a secure random access memory (S-RAM) 556 , one or more hardware accelerators 558 , one or more non-volatile memory (NVM) registers or fuses 560 , and a slave demodulator interface circuit 562 that couples the integrated secure element 550 with the demodulator logic 510 .
  • the secure element may include a firewall 564 that allows for the secure CPU to initiate a connection to the remote memory 580 and download firmware (i.e., data files, executable applications) 582 from the remote memory to the secure S-RAM 556, but does not allow the remote memory to initiate a connection in the reverse direction.
  • the demodulator SOC may initiate a download of firmware 582 from remote flash device 580 .
  • the download process can be performed by the demodulator CPU (D-CPU), which reads the firmware by means of the hardware master port and sends it to the secure S-RAM through slave port interface 562.
  • this read-and-write of the CA firmware from the remote flash memory cannot be considered as secure because demodulator logic 510 and remote flash memory 580 are outside of the secure element boundary. Therefore, the downloaded firmware image in the secure S-RAM must be authenticated to protect the firmware image from modification.
  • the secure element locks the slave interface and the firewall to prevent any subsequent access from the non-trusted demodulator interface and secure S-CPU 552 may start executing from boot ROM 554 . It is noted that the demodulator logic cannot access secure element 550 through master-slave demodulator interface 562 once the security element is locked.
  • FIG. 6 is a diagram illustrating a firmware run-time authentication 600 using hardware facilities provided by the secure element according to an exemplary embodiment of the present invention.
  • Firmware run-time authentication 600 is an exemplary embodiment providing an efficient way to mitigate the risk of running malicious code at run time.
  • the firmware run-time authentication verifies and authenticates software within power cycles to protect against hardware intrusive attacks and fault injection.
  • the hardware facilities of the secure element write (program by burning or blowing fuses) a software checksum SWChecksum 608 to one or more of the NVM registers 628 during the boot process and write runtime configuration parameters to corresponding configuration registers of the secure element finite state machine 668, which controls the cryptographic hash function 612 and the comparator 618.
  • Cryptographic hash function 612 produces a hash value HV 18 from firmware 610 and compares ( 618 ) the hash value HV 18 with the SWChecksum stored in one of the NVM registers 628 . In the event that there is a match (indicated as “Yes”), the secure element continues its operation. In the event there is no match (indicated as “No”), i.e., the firmware may have been modified or compromised, the secure element disables the firmware execution.
  • the firmware run-time authentication can be triggered from different sources that may include, but are not limited to: 1) software driven by requesting an authentication through a control register in the security element; 2) hardware timer as a recurring event driven by a hardware counter set during the boot process; 3) when the secure S-CPU enters or exits a sleep period; or 4) when the secure S-CPU receives a wakeup request.
  • the hash value of the decrypted firmware is stored in the boot certificate and is programmed into one of the NVM (one-time-programmable) registers in the secure element during the boot process so that it cannot be modified or altered. It is important to note that this process cannot be performed by the RAM-ware itself because the RAM-ware can be tampered with. Thus, the process has to be performed entirely in hardware or using code stored in ROM that cannot be modified.
  • the SWChecksum written into a write-once memory register can be reset on power-on/off of the secure element.
  • the secure element includes control parameters that define the source and recurrence of the run-time check.
  • certificate 601 may include runtime configuration data 602 that is written into associated configuration registers 669 of the secure element.
  • Configuration data 602 may configure or customize the finite state machine (FSM) so that the secure element operates in a manner that is desired by a vendor or a service provider.
  • the secure element may start executing the firmware in the secure RAM upon a successful authentication.
  • the execution of the firmware may include generating a control word and providing it securely to the demodulator for deciphering encrypted data streams.
  • Embodiments of the present invention include a secure generation and distribution of a pair of encryption keys by a secured server.
  • a first encryption key may be sent to a first recipient that uses the first encryption key to encipher (encrypt) a data file before distributing it to a target subscriber.
  • the second encryption key is sent to a second recipient that may program the encryption key into a secure element during the manufacturing process.
  • the secure element will use the stored key to decipher (decrypt) the encrypted data file received from the first recipient.
  • the pair of encryption keys may be unique to the secure element. That is, each target subscriber may receive a secure element having a unique private key for deciphering the encrypted data file.
  • FIG. 7 is a block diagram illustrating a system and method for securely generating and distributing a pair of asymmetric keys according to an embodiment of the present invention.
  • the secure key distribution system includes a secured server 701 for generating and storing a pair of keys including a private key 702 and a public key 703 .
  • a key distribution unit 704 is coupled to secured server 701 and provides the private key to an original design manufacturer (ODM), an original equipment manufacturer (OEM), or a device manufacturer 710 and the public key to a firmware provider.
  • the key distribution system in reference to FIG. 7 may be used by a service provider or a content provider that teams up with a device manufacturer, an ODM or an OEM to provide secure devices to target subscribers for accessing broadcast services and contents.
  • the service provider also may team up with a conditional access (CA) firmware provider for creating firmware for the operation of the secure devices.
  • the service or content provider may operate the secured server 701 that is communicatively connected to the device manufacturer through a key distribution unit 704 .
  • the communication between the device manufacturer and the key distribution unit is via a secure communication link 712 .
  • the device manufacturer may send a request to the secured server for obtaining a private key.
  • the secured server may send the private key to the device manufacturer via the secure communication link 712 .
  • the secure communication link 712 may be a secure sockets layer (SSL) link.
  • the key distribution unit 704 may perform functions associated with conventional communication systems, such as authenticating the request by the user identity and the password and the like, and managing the communication traffic between the secured server and the requester.
  • the device manufacturer may operate the secured server to generate the private and public keys and provide the public key to the CA firmware provider via the key distribution unit.
  • firmware provider receives the public key sent by the key distribution unit and encrypts ( 724 ) a clear firmware 720 using the received public key to produce an encrypted firmware 726 .
  • the clear firmware 720 may include a conditional access firmware for distributing to target subscribers.
  • the clear firmware 722 can be encrypted using the RSA algorithm.
  • the encrypted firmware 726 can be stored in a non-volatile memory device 780 for sending to target subscribers.
  • device manufacturer (ODM, OEM) 710 may produce a receiver system on a chip (SOC) as shown and described in FIG. 2, a demodulator SOC as shown and described in FIG. 3, or a demodulator shown and described in FIGS. 4 and 5.
  • SOC 750 may include a secure CPU 752 that is coupled to a boot ROM 754 and a secure random access memory (RAM) 756.
  • SOC 750 also includes a non-volatile register which can be a one-time programmable array of fuses or a secure flash register for storing the received private key. It is noted that the programmed private key in the non-volatile register or the one-time programmable array of fuses is not accessible externally once programmed. Other precautions can be taken to hide or obfuscate the stored private key.
  • SOC 750 may include a decryption module 754 that can be a crypto-processor, hardware logic, or a dedicated deciphering hardware and software to decrypt the encrypted firmware 726 contained in the remote non-volatile memory 780 .
  • the deciphering process decrypts the encrypted firmware using the RSA algorithm.
  • the clear (i.e., decrypted) firmware is then stored in secure RAM 756 .
  • the clear firmware is authenticated prior to being stored in the secure RAM or executed by CPU 752 .
  • SOC may download the encrypted firmware 726 via a communication network 720 that is disposed between the firmware provider and the SOC 750 .
  • Communication network can be one of the local area network, a metropolitan area network, a wide area network, or a wireless or cellular network.
  • FIG. 8 is a flow diagram of an example method 800 of generating a pair of asymmetric keys and securely providing the keys to authorized recipients according to an embodiment of the present invention.
  • This flow diagram is merely an example, which should not unduly limit the scope of the claims herein.
  • a secured server generates a pair of asymmetric keys including a public key and a private key that are then provided to authorized recipients. It is appreciated that the public and private keys are unique for the authorized recipients and thus provide a robust binding mechanism between the authorized recipients.
  • a key distribution unit that is communicatively connected to the secured server sends the public key to a first recipient via a first communication link.
  • the first recipient may be a conditional access firmware vendor that uses the received public key to encrypt a firmware (step 808 ) prior to distributing it to target subscribers.
  • the encrypted firmware may be stored in a non-volatile memory device such as a CD-ROM or a flash memory device for distribution.
  • the first recipient may make the encrypted firmware accessible or downloadable via the Internet.
  • the key distribution unit sends the private key to a second recipient via a second communication link.
  • the second recipient can be a device manufacturer, an ODM, or OEM that programs the received private key into a non-volatile register that can be a one-time programmable array of fuses or a secure flash register in a secure element of a system-on-a-chip demodulator or receiver.
  • the second recipient programs the received private key in a secure element of the SOC demodulator or receiver. The programming may be performed by burning or blowing a number of fuses during the manufacturing process of the secure element in a preferred embodiment.
  • the secure element may download the encrypted firmware either from a remote non-volatile memory device or via the Internet from the first recipient.
  • the secure element deciphers the encrypted firmware using the private key contained in its one-time programmable fuse array.
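
The FIG. 6 run-time check described earlier in this list, modelled in software as an added example (it is not code from the patent or from any product). SHA-256 as hash function 612, the class and method names, the firmware bytes and the certificate layout are assumptions, and the certificate is taken as already verified.

```python
import hashlib
import hmac
from enum import Enum


class Trigger(Enum):
    SOFTWARE_REQUEST = "request through a control register"
    HARDWARE_TIMER = "recurring hardware counter set at boot"
    SLEEP_TRANSITION = "S-CPU enters or exits a sleep period"
    WAKEUP_REQUEST = "S-CPU receives a wakeup request"


class WriteOnceRegister:
    """NVM register 628: programmable once per power cycle, then read-only."""

    def __init__(self):
        self._value = None

    def program(self, value):
        if self._value is not None:
            raise PermissionError("register already programmed in this power cycle")
        self._value = bytes(value)

    def read(self):
        if self._value is None:
            raise RuntimeError("register not programmed")
        return self._value

    def power_cycle(self):
        self._value = None  # the description allows a reset on power-on/off


def firmware_digest(image):
    # Assumption: SHA-256 stands in for cryptographic hash function 612.
    return hashlib.sha256(bytes(image)).digest()


class SecureElement:
    def __init__(self):
        self.sw_checksum = WriteOnceRegister()
        self.enabled_triggers = frozenset()  # configuration registers 669
        self.s_ram = bytearray()             # secure S-RAM holding the firmware
        self.firmware_enabled = False

    def boot(self, firmware, certificate):
        """Boot-ROM path, run before any RAM-ware executes.

        Assumption: the certificate itself has already been verified.
        """
        self.sw_checksum.power_cycle()
        self.s_ram = bytearray(firmware)
        self.sw_checksum.program(certificate["sw_checksum"])
        self.enabled_triggers = frozenset(certificate["runtime_config"])
        return self._compare()

    def _compare(self):
        """Comparator 618: hash the S-RAM image and compare it with SWChecksum."""
        match = hmac.compare_digest(firmware_digest(self.s_ram), self.sw_checksum.read())
        self.firmware_enabled = match  # the "No" branch disables firmware execution
        return match

    def runtime_check(self, trigger):
        """True or False for a configured trigger, None for one that is not enabled."""
        if trigger not in self.enabled_triggers:
            return None
        if not self.firmware_enabled:
            return False  # assumption: stays disabled until the next boot
        return self._compare()


def demo():
    firmware = b"constructed CA firmware image " * 8  # constructed sample
    certificate = {                                    # constructed sample
        "sw_checksum": firmware_digest(firmware),
        "runtime_config": {Trigger.HARDWARE_TIMER, Trigger.WAKEUP_REQUEST},
    }
    se = SecureElement()
    results = {"boot": se.boot(firmware, certificate)}
    results["timer_clean"] = se.runtime_check(Trigger.HARDWARE_TIMER)
    results["unconfigured"] = se.runtime_check(Trigger.SOFTWARE_REQUEST)
    se.s_ram[5] ^= 0x01  # a single flipped bit in S-RAM
    results["timer_tampered"] = se.runtime_check(Trigger.HARDWARE_TIMER)
    results["enabled_after_tamper"] = se.firmware_enabled
    try:  # modified RAM-ware cannot replace the reference value
        se.sw_checksum.program(firmware_digest(se.s_ram))
        results["reprogram_blocked"] = False
    except PermissionError:
        results["reprogram_blocked"] = True
    results["reboot"] = se.boot(firmware, certificate)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The reference value is programmed only on the boot path, which is why the modified image cannot make its own digest the new SWChecksum.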

Abstract

A method for securely generating and distributing encryption keys includes generating, by a secured server, a pair of keys including a first key and a second key and providing, by a key distributing unit, the first key to a first recipient and a second key to a second recipient. The first recipient may use the first key to encrypt a data file and send the encrypted data file via a non-volatile memory device to a target subscriber. The second recipient may program the second key into a one-time-programmable register contained in a secure element during a manufacturing process. The secure element may further include a random access memory configured to store an image of the encrypted data file, a read-only memory containing a boot code, and a processing unit coupled to the random-access memory and the read-only memory and operative to decrypt the encrypted data file.

Description

CROSS-REFERENCES TO RELATED APPLICATIONS
The present application claims benefit under 35 USC 119(e) of U.S. provisional application No. 61/372,390, filed Aug. 10, 2010, entitled “Control Word Obfuscation in Secure TV Receiver”, the content of which is incorporated herein by reference in its entirety.
The present application is related to and incorporates by reference the entire contents of the following US applications:
    • U.S. application Ser. No. 13/021,178, filed Feb. 4, 2011, entitled “Conditional Access Integration in a SOC for Mobile TV Applications”;
    • U.S. application Ser. No. 13/026,000, filed Feb. 11, 2011, entitled “RAM Based Security Element for Embedded Applications”;
    • U.S. application Ser. No. 13/041,256, filed Mar. 4, 2011, entitled “Code Download and Firewall for Embedded Secure Application”;
    • U.S. application Ser. No. 13/072,069, filed Mar. 25, 2011, entitled “Firmware Authentication and Deciphering for Secure TV Receiver”;
    • U.S. application Ser. No. 13/075,038, filed Mar. 29, 2011, entitled “Generation of SW Encryption Key During Silicon Manufacturing Process”; and
    • U.S. application Ser. No. 13/076,172, filed Mar. 30, 2010, entitled “Control Word Obfuscation in Secure TV Receiver”.
BACKGROUND OF THE INVENTION
Embodiments of the present invention relate to the field of encryption key distribution. More particularly, embodiments of the present invention relate to a system, apparatus and method for securely distributing encryption keys for conditional access software in TV receiver systems.
Various contents such as movies, music, game software, sport events, and others are offered by service providers through a variety of wired and wireless communication networks. Some of these contents are encrypted so that they can be accessed or viewed by subscribers who are in possession of a corresponding decryption key. It is understandable that service providers will try to generate encryption keys and distribute the keys in a secure manner. An encryption technique is the use of asymmetric key algorithms, where the key used to encrypt a widely distributed software component (e.g., firmware) is not the same as the key used to decrypt it. Embodiments of the present invention relate to an encryption key distribution and may apply to conditional access systems for digital broadcast television.
There are several well-known digital radio and digital TV broadcast standards. In Europe, the digital radio broadcast is the DAB (Digital Audio Broadcasting) adopted by the ITU-R standardization body and by ETSI. The digital TV standard is DVB (Digital Video Broadcasting) in Europe, ATSC (Advanced Television Systems Committee) in the U.S., and ISDB (Integrated Services Digital Broadcasting) in Japan and South America. In addition to these standards, there are also mobile TV standards which relate to the reception of TV on handheld devices such as mobile phones or the like. Some well-known mobile TV standards are DVB-H (Digital Video Broadcasting-Handheld), CMMB (China Multimedia Mobile Broadcasting), and DMB (Digital Multimedia Broadcasting).
In most digital TV broadcasting services, the service providers scramble and encrypt the transmitted data streams to protect the broadcasted content and require their customers or users to install “security protection” mechanisms to decrypt and descramble the content. Security protection mechanisms such as digital rights management enable users to store content. Conditional access (CA) systems are other security protection mechanisms that allow users to access and view content but may or may not record the viewed content.
In a typical pay-TV system, the conditional access software runs on a dedicated secure element implementing robust mechanisms so as to prevent a malicious entity (“hacker”) from gaining access to the broadcast system secret to decipher the TV content. The CA instruction code and keys provisioned by the CA provider adapted to ensure security are typically stored in the discrete secure element. The communication link between the discrete secure element and the demodulator, if not protected, presents a vulnerable entry point for hackers to get access to the software or to introduce malicious code to the TV system.
FIG. 1 is a block diagram of a conventional TV receiver 100 performing conditional access (CA) functions. Receiver 100 includes a TV demodulator 110 coupled to a suitable antenna 105 for receiving broadcast content. The broadcast content may be encrypted by a control word (CW). Demodulator 110 is connected to a dedicated secure element 120 via a communication link 150. Communication link 150 can be a proprietary interface or a standard interface. Secure element 120 may be provided by the service provider and controls access to a broadcast service by providing one or more control words to the demodulator via the communication link. Secure element 120 may include a CPU coupled to a memory unit which may contain EEPROM and/or ROM. Secure element 120 may also hold service entitlement information controlled by the service provider. The service provider may communicate with the secure element using encrypted messages that carry descrambling keys and other service management information.
Demodulator 110 receives the code word from the secure element and uses the code word to descramble the encrypted content. The clear stream is then provided to a video and audio decoder 130. A display 140 coupled to the video and audio decoder displays the decoded video and audio data streams. In general, secure element 120 may be provided in several forms and in multiple packaging options. For example, the secure element may be a dedicated surface mount device mounted on the receiver, a SIM card (e.g., in the context of a mobile phone), a secure SD card, or a module.
Because the communication link between the secure element and the demodulator is not secure, an additional layer, typically a software layer, is used to encrypt messages between the secure element and the demodulator. However, hackers or attackers may get access to this software layer through the communication link, and with it gain access to the code word. Therefore, the software layer must be protected.
It can be seen that the conventional secure element has a hardware structure that does not provide flexibility because it requires a dedicated module and a hardware connection to the demodulator. Furthermore, conventional techniques do not appear to address the concerns of service providers, CA operators, and content owners, namely, to provide security to the operation of their devices and the protection of their broadcast contents.
There is therefore a need to provide systems and methods to securely distribute the encryption keys to device manufacturers and firmware providers when a service provider does not have direct control over the device manufacturing process and firmware provision, while still preventing unauthorized users from gaining access to the broadcast services and contents.
BRIEF SUMMARY OF THE INVENTION
Embodiments of the present invention provide a system and method of generating and distributing encryption keys to authorized recipients. The system includes a secured server that generates a unique pair of keys including a first key and a second key and a key distribution unit connected to the secured server for transmitting the first key to a first recipient and a second key to a second recipient. The first recipient may use the first key to encipher (encrypt) a data file and send the encrypted data file via a non-volatile memory device to a target subscriber. The second recipient may program the second key into a one-time-programmable register contained in a secure element during a manufacturing process. The secure element may further include a random access memory configured to store an image (copy) of the encrypted data file, a read-only memory containing a boot code, and a processing unit coupled to the random-access memory and the read-only memory and operative to decipher (decrypt) the encrypted data file. In an embodiment, the first recipient may be a conditional access firmware provider, and the second recipient may be an original design manufacturer, an original equipment manufacturer, or a device manufacturer that makes the secure element and sends it to the target subscriber. In an embodiment, the secured server may be operated by a service or content provider.
Embodiments of the present invention also disclose a method for securely generating and distributing encryption keys. The method includes generating, by a secured server, a pair of keys including a first key and a second key and providing, by a key distributing unit, the first key to a first recipient and a second key to a second recipient. The first recipient may use the first key to encrypt a data file and send the encrypted data file via a non-volatile memory device to a target subscriber. The second recipient may program the second key into a one-time-programmable register contained in a secure element during a manufacturing process. The secure element may further include a random access memory configured to store an image of the encrypted data file, a read-only memory containing a boot code, and a processing unit coupled to the random-access memory and the read-only memory and operative to decrypt the encrypted data file by executing the boot code.
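
The generation and distribution flow summarised above, modelled end to end as an added example (it is not code from the patent or from any product). Assumptions: a 1024-bit demonstration modulus and exponent 65537; a hybrid construction in which RSA wraps a random secret and a SHA-256 counter keystream plus an HMAC tag protect the image, standing in for the patent's unspecified use of "the RSA algorithm"; role strings, device identifiers and firmware bytes are constructed.

```python
import hashlib
import hmac
import math
import secrets

E = 65537  # public exponent: an assumption, the patent names none
FIRMWARE = b"constructed clear CA firmware image " * 16  # constructed sample


def _is_probable_prime(n, rounds=32):  # Miller-Rabin, random bases, large odd n
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_key_pair(bits=1024):
    """Secured server 701: a fresh (public, private) pair for one secure element."""
    primes = []
    while len(primes) < 2:
        c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if math.gcd(c - 1, E) == 1 and _is_probable_prime(c):
            primes.append(c)
    p, q = primes
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))


def _session_keys(r, n):
    seed = r.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"enc" + seed).digest(), hashlib.sha256(b"mac" + seed).digest()


def _xor_stream(key, data):
    # SHA-256 counter keystream, a stand-in cipher for this example only
    pad = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))


def encrypt_firmware(public_key, clear_firmware):
    """Firmware provider, step 724: RSA-wrap a random secret, then encrypt and tag."""
    n, e = public_key
    r = secrets.randbelow(n - 2) + 2
    enc_key, mac_key = _session_keys(r, n)
    wrapped = pow(r, e, n).to_bytes((n.bit_length() + 7) // 8, "big")
    body = _xor_stream(enc_key, clear_firmware)
    return wrapped, body, hmac.new(mac_key, wrapped + body, hashlib.sha256).digest()


class SecureElement:
    """SOC 750: private key in a one-time-programmable register, no read-out method."""
    def __init__(self):
        self.__fuses = None

    def program_private_key(self, private_key):
        if self.__fuses is not None:
            raise PermissionError("one-time-programmable register already written")
        self.__fuses = private_key

    def load_firmware(self, package):
        """Return the clear image for secure RAM, or None when the tag check fails."""
        wrapped, body, tag = package
        n, d = self.__fuses
        enc_key, mac_key = _session_keys(pow(int.from_bytes(wrapped, "big"), d, n), n)
        expected = hmac.new(mac_key, wrapped + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return _xor_stream(enc_key, body)


def distribute(role, key_pair):
    """Key distribution unit 704: each already-authenticated role gets one half only."""
    routes = {"firmware_provider": key_pair[0], "device_manufacturer": key_pair[1]}
    if role not in routes:
        raise PermissionError(f"no key is released to role {role!r}")
    return routes[role]


def demo():
    pairs = {dev: generate_key_pair() for dev in ("SOC-A", "SOC-B")}  # constructed IDs
    devices = {dev: SecureElement() for dev in pairs}
    for dev, pair in pairs.items():
        devices[dev].program_private_key(distribute("device_manufacturer", pair))
    package = encrypt_firmware(distribute("firmware_provider", pairs["SOC-A"]), FIRMWARE)
    return {dev: se.load_firmware(package) == FIRMWARE for dev, se in devices.items()}


if __name__ == "__main__":
    print(demo())  # {'SOC-A': True, 'SOC-B': False}
```

Only the secure element holding the matching private key recovers the image, which is the binding between recipients that the unique key pair provides.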
BRIEF DESCRIPTION OF THE DRAWINGS
Preferred embodiments of the present invention are described below, by way of example only, with reference to the accompanying drawings, in which:
FIG. 1 is a block diagram of a conventional TV receiver 100 performing conditional access (CA) functions;
FIG. 2 is a simplified block diagram of a receiver system on a chip (SOC) according to an embodiment of the present invention;
FIG. 3 is a simplified block diagram of a demodulator SOC having an integrated secure element according to an embodiment of the present invention;
FIG. 4 is a block diagram of a TV demodulator SOC in communication with an external video and audio decoder and an external flash memory according to an embodiment of the present invention;
FIG. 5 illustrates a demodulator SOC performing a firmware download operation from an external memory according to an embodiment of the present invention;
FIG. 6 is a diagram illustrating an exemplary firmware run-time authentication using hardware facilities provided by the secure element according to an embodiment of the present invention;
FIG. 7 is a block diagram illustrating a secure generation and distribution of asymmetric keys according to an embodiment of the present invention; and
FIG. 8 is a flowchart diagram illustrating an example method of generating a pair of asymmetric keys and securely providing the keys to authorized recipients according to an embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
Conditional access is used by TV broadcasters to generate revenue. To achieve this, security guidelines are used to protect the keys provisioned to the user and to guarantee that no hacker or malicious entity can crack the system and watch contents for free. These guidelines, also referred to as security requirements, define methods adapted to prevent misuse of the SOC (system-on-chip) device and its associated firmware, and furthermore to inhibit unauthorized access to secrets, such as keys, operating modes, etc. The SOC security framework described herein defines hardware (HW), software (SW), or a combination thereof (i.e., firmware) to achieve these objectives.
FIG. 2 is a simplified block diagram of a receiver system on a chip (SOC) 200 configured to perform tuning, demodulating, CA security, and the like, in accordance with an embodiment of the present invention. Receiver system 200 includes a digital broadcast receiver 210 that may be capable of receiving signals in a number of different frequency bands of interest and/or in a number of different formats. By way of example, receiver system 200 may be capable of receiving any one or more of the standards mentioned above or other suitable standards. In an exemplary embodiment, receiver system 300 also includes a conditional access security (CAS) sub-system 250.
Digital broadcast receiver 210 includes a tuner 212 that is connected to an antenna 211. Although an antenna is shown, tuner 212 may be connected to a number of antennas that are configured to suit different frequency bands of interest. The tuner frequency-translates received signals and provides them to a demodulator 214, which may demodulate the frequency translated signals into multiple data streams (audio, video, text, and others). Receiver 210 also includes a descrambler 216 that descrambles the data streams (indicated as encrypted TS) and provides clear (i.e., descrambled) data streams (indicated as clear TS in FIG. 2) to a host via a host interface unit 218. Receiver 210 further includes a control processor 220 and a memory unit 222 that contains software (program code) to enable a user to select a service and to program the tuner to a desired frequency. In an embodiment, memory 222 may include dynamic random memory and/or permanent memory such as read-only memory (ROM).
Receiver 210 also includes a control interface unit 224 that connects the broadcast receiver 210 with the conditional access security sub-system 250. As described in the section above, control access is a protection of content required by content owners or service providers. Conventional access approaches use dedicated surface mount devices such as Smartcard, SIM card, secure SD card or the like. In conventional approaches, CA instruction code and keys provisioned by CA providers adapted to ensure security are typically stored in a non-volatile memory, such as an EEPROM or Flash, which are relatively expensive and cannot be easily and cost effectively integrated using standard CMOS fabrication processes. A novel conditional access security (CAS) sub-system according to an embodiment of the present invention will be described in detail below.
Referring to FIG. 2, CAS sub-system 250 includes a secure processor 252 coupled to a memory unit 254. The secure CPU may be a RISC CPU configured to process various processing operations. CAS sub-system 250 may further include a crypto hardware 256 that, in an embodiment, includes suitable crypto logic, circuitry (e.g., hardware) for performing cryptographic operations. In a specific embodiment, crypto hardware 256 may be a crypto processor configured to perform cryptographic functions such as processing digital signature, key management, identifying public keys and others due to the secure access requirements. During the manufacturing process, cryptographic hardware may generate a unique crypto ID (device identifier) for the receiver SOC 200 and a unique encryption key. CAS sub-system also includes a fuse bank 260. In an embodiment, fuse bank 260 may include electrically programmable fuses on the chip. In an embodiment, the fuse bank may contain an array of electrically programmable registers, each having a number of bits. The bits can be programmed during the manufacturing process or later by the service provider as the device is shipped to the user. In an embodiment, corresponding bits of the fuse bank are burned or blown according to the value of the unique device ID and a certificate key. In a specific embodiment, memory unit 254 may include random access memory and read-only memory. In contrast to conventional techniques, memory unit 254 does not include EEPROM and/or Flash memory to facilitate the integration process and to minimize cost by using conventional (i.e., standard) CMOS process.
In an embodiment, receiver SOC 200 includes an external memory interface 268 configured to interface with an external memory device (not shown). The external memory may be a flash memory containing firmware or software code and other associated information data that are required for the receiver SOC to perform the descrambling functions. Details of the firmware, software code and the associated information data will be described in detail in sections below. In an embodiment, the external memory interface 268 can include a SD memory card slot, a multimedia card (MMC), a micro SD card slot, a mini SDHC, a microSDHC, a Memory Stick slot, a PCMCIA interface, a USB interface, a serial or a parallel interface, and others. The external memory can be a commercial off-the-shelf Flash memory in a specific embodiment.
In accordance with embodiments of the present invention, the conditional access (CA) software code is stored in a random access memory (RAM). The CA software is dynamically downloaded from an external non-volatile flash memory via the external memory interface 268 to the RAM during the power cycle of the security sub-system. However, because the external flash storing the CA software is outside the security perimeter it must first be authenticated and checked for any malicious alteration (such as bypass of the security function that could be inserted by a hacker). The secure sub-system implements a protocol to authenticate the firmware using a public key algorithm and digital certificate provisioned during manufacturing.
FIG. 3 is a block diagram of a demodulator SOC 300 including a demodulation logic 310 coupled to a remote memory device 480 (e.g., Flash memory) and an integrated secure element 350 according to an embodiment of the present invention. Demodulation logic 310 may have a similar configuration of the receiver 210 shown in FIG. 2. For example, demodulation logic 310 may include a demodulator, a descrambler, a control CPU, a memory unit that comprises RAM and/or ROM, a host interface, and a control interface unit; the functions of those elements have been described in detail in the sections above and won't be repeated herein for brevity. The demodulator logic 310 may further include system-on-a chip infrastructure such as registers, IO ports, an external memory interface link 320, which may be similar to the external memory interface port 268 shown in FIG. 2 and described above. In an embodiment, remote or external Flash memory 380 may be coupled to the demodulator SOC 300 through the interface link 320. The coupling can be by means of a physical connection such as a SD card connector or a USB connector. In another embodiment, the coupling can be by means of an optical (e.g., infrared) or radio wave (e.g., Bluetooth, wireless LAN IEEE802.11, or the like) communication link.
In an embodiment, integrated secure element 350 includes a secure CPU 352, a boot read-only memory (ROM) 353, a secure random access memory (RAM) 355, multiple non-volatile memory registers (or one-time programmable fuse banks) 360. CPU 352 may include an adder and logic for executing arithmetic operations or comparative decisions. In an embodiment, the non-volatile memory registers are implemented using fuse cells that can be fabricated using standard CMOS processes. In an embodiment, the non-volatile memory registers are programmed (burned or blown) during the silicon manufacturing process to store information such as the device ID, the root public key, and others. Integrated secure element 350 also includes a hardware accelerator 356 that can be one or more crypto processors as described above in association with crypto hardware 256 of FIG. 2.
In order to minimize cost, the CA software code is stored in the secure RAM 355 according to an embodiment of the present invention. CA software is understood as instructions, one or more sets of instructions, data files, firmware, or executable applications that are provided to the secure CPU 352 for execution. CA software is dynamically downloaded from the remote (external) flash memory 380 to the RAM 355 (“RAM-ware”) during the power cycle of the integrated secure element 350. Because CA software is downloaded from the external Flash memory, it must be first authenticated by the integrated secure element 350. In an embodiment, the secure element operates a protocol to authenticate the RAM-ware using a public key algorithm and a digital certificate (e.g., a unique device ID) that is provided during the manufacturing of the demodulator SOC. In an embodiment, the authentication process can be assisted and accelerated using hardware accelerator 356.
In an embodiment, CA software is received by the demodulator logic from the external memory and transferred to the secure RAM 355 via a demodulator interface circuit 366. In contrast to conventional secure elements that store the CA software code in EEPROM and/or Flash memory, embodiments of the present invention provide a RAM-ware architecture that can be updated securely and easily, e.g., by downloading firmware (i.e., software, program codes, data files) stored in external memories. Because the external memory containing the CA software is outside the security perimeter of the secure element, it must first be authenticated. In an embodiment, the downloaded CA software is authenticated by the secure element running boot authenticate programs from the boot ROM 353. Because the RAM-ware architecture does not require EEPROM and/or Flash memory, which require, among other things, a double poly process or a tunnel oxide process and expensive testing equipment and procedures, the RAM-based architecture of the present invention can be cost effectively produced using standard CMOS processes.
In an embodiment, the integrated secure element produces an attribute based on a digital certificate contained in the received software (now RAM-ware because it is now stored in the secure RAM) and provides the attribute to the demodulator logic for descrambling the received data streams (not shown). In some embodiments, the attribute can be a secure bit pattern or a secure codeword to enable the descrambling process in the demodulator logic 310.
In an embodiment, the integrated secure element 350 is activated when the TV application is enabled by the user. When the TV application is enabled, the demodulator logic causes the boot ROM to execute the boot instructions and activate the integrated secure element. During the boot process, the conditional access (CA) firmware stored in the external flash memory is downloaded to the RAM disposed in the secure element, so that the CPU starts operating.
As described above, the remote Flash memory contains conditional access (CA) executable applications or data files that are dynamically loaded to the RAM 355 disposed in the integrated secure element. In an embodiment, the external memory contains a digital certificate that is generated by the CA vendor or the demodulator SOC device manufacturer and signed with the root private key or a derivative of the root key using public key infrastructure (PKI). In an embodiment, the digital certificate may be unique to each demodulator SOC device and contains a device identification (ID) code. In an embodiment, the same identification code may also be stored in one or more of the non-volatile registers 460. In an embodiment, the non-volatile memory registers 360 may also store a digital signature of the CA software or CA firmware. In an embodiment, the boot ROM authenticates the CA firmware by means of the digital certificate.
In an embodiment, the secure boot ROM may process the digital certificate as follows: (i) verify that the certificate is authentic and the certificate has been signed by a trusted delegate of the root key owner; (ii) verify that the certificate is intended for the given device by comparing the device ID stored in the secure element NVM (non-volatile memory) registers and the code stored in the certificate to ensure that they match; and (iii) authenticate the firmware by regenerating its signature with the root public key and comparing the result with the value stored in the certificate. Only when all three of the above steps are successful is the SW that has been downloaded to the secure element RAM verified and considered to be trustworthy. In an embodiment, the SW code in the external memory may be encrypted. In this case, it is first deciphered by the boot ROM. The SW encryption key (or a derivative) is stored in the secure element NVM registers and used directly by the ROM code.
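The three boot ROM checks described above, sketched in Python as an added example (not code from the patent or from any vendor). The certificate layout (8-byte device ID, SHA-256 firmware digest, then an RSA PKCS#1 v1.5 signature made directly with the root key rather than by a delegate), the function names and the deliberately weak test key are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed test key, NOT secure: both primes are Mersenne primes, picked only
# so the example is deterministic. On a real part only (N, E) would be fused.
_P, _Q = 2**521 - 1, 2**607 - 1
ROOT_N, ROOT_E = _P * _Q, 65537
_ROOT_D = pow(ROOT_E, -1, (_P - 1) * (_Q - 1))  # signer side only, never on the SOC
KEY_LEN = (ROOT_N.bit_length() + 7) // 8

DEVICE_ID_LEN, DIGEST_LEN = 8, 32  # assumed certificate body layout
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_pkcs1_v15(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), KEY_LEN bytes long."""
    digest_info = SHA256_PREFIX + hashlib.sha256(message).digest()
    padding = b"\xff" * (KEY_LEN - len(digest_info) - 3)
    return b"\x00\x01" + padding + b"\x00" + digest_info


def sign_certificate(body: bytes) -> bytes:
    """Signer side (CA vendor or SOC manufacturer): sign the certificate body."""
    em = int.from_bytes(encode_pkcs1_v15(body), "big")
    return pow(em, _ROOT_D, ROOT_N).to_bytes(KEY_LEN, "big")


def make_certificate(device_id: bytes, firmware: bytes) -> bytes:
    """Build body = device ID || SHA-256(firmware), then append the signature."""
    if len(device_id) != DEVICE_ID_LEN:
        raise ValueError("device ID must be 8 bytes in this layout")
    body = device_id + hashlib.sha256(firmware).digest()
    return body + sign_certificate(body)


def signature_is_valid(body: bytes, signature: bytes) -> bool:
    """Verify by re-encoding and comparing the whole block, never by parsing it."""
    s = int.from_bytes(signature, "big")
    if len(signature) != KEY_LEN or s >= ROOT_N:
        return False
    recovered = pow(s, ROOT_E, ROOT_N).to_bytes(KEY_LEN, "big")
    return hmac.compare_digest(recovered, encode_pkcs1_v15(body))


def boot_rom_authenticate(cert: bytes, firmware: bytes, fused_device_id: bytes) -> str:
    """Return "ok", or the name of the first check that failed (fail closed)."""
    body_len = DEVICE_ID_LEN + DIGEST_LEN
    if len(cert) != body_len + KEY_LEN:
        return "malformed"
    body, signature = cert[:body_len], cert[body_len:]
    # (i) certificate is authentic: signature verifies under the root public key
    if not signature_is_valid(body, signature):
        return "bad-signature"
    # (ii) certificate is bound to this device: ID in cert equals ID in fuses
    if not hmac.compare_digest(body[:DEVICE_ID_LEN], fused_device_id):
        return "wrong-device"
    # (iii) firmware in secure RAM matches the digest the certificate vouches for
    if not hmac.compare_digest(body[DEVICE_ID_LEN:], hashlib.sha256(firmware).digest()):
        return "firmware-modified"
    return "ok"


if __name__ == "__main__":
    firmware = b"constructed CA firmware image"          # constructed sample
    device_id = bytes.fromhex("0011223344556677")        # constructed sample
    cert = make_certificate(device_id, firmware)
    print(boot_rom_authenticate(cert, firmware, device_id))
    print(boot_rom_authenticate(cert, firmware + b"\x00", device_id))
    print(boot_rom_authenticate(cert, firmware, bytes(8)))
```

The order of the checks matters: nothing in the certificate body is trusted, not even the device ID, until the signature over that body has verified.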
FIG. 4 is a block diagram of a TV demodulator SOC 400 in communication with an external video and audio decoder 470 and a flash memory 480 according to an embodiment of the present invention. As shown, the TV demodulator SOC includes a tuner and demodulator 410 coupled to an antenna 405 for receiving a desired modulated content that may be encrypted. TV demodulator SOC 400 may include a demodulator CPU 420 for communicating with a user and for controlling the tuner demodulator. Demodulator CPU 420 is coupled to a memory unit 430 that may contain static random access memory and read-only memory. TV demodulator SOC 400 also includes a descrambler 440 that is configured to receive an encrypted data stream 412 from the tuner and demodulator 410 using an encryption key or a control word delivered from a secure element sub-system. In contrast to a conventional conditional access system, the secure element sub-system is integrated within the TV demodulator SOC. The secure element sub-system includes a secure CPU 452 coupled to a read-only memory ROM 456 and a secure random access memory RAM 456. In contrast to the conventional access system that contains flash memory or EEPROM for storing boot loader firmware, TV demodulator SOC does not include flash memory or EEPROM, so that TV demodulator SOC can be fabricated using cost effective standard CMOS processes that do not require special floating gate processes and associated testing steps.
TV demodulator SOC receives a firmware image (i.e., data representative of, or a copy of, the firmware disposed in an external device; the terms firmware and firmware image will be used interchangeably hereinafter) from external flash memory 480 via a memory interface port 420. The firmware download can be, for example, initiated by the demodulator CPU 420 and stored in the secure RAM 456. Because the flash memory is external to the TV demodulator SOC and thus to the secure element sub-system, the firmware image (i.e., a copy of the firmware) must be first authenticated by the secure element sub-system before being executed. Upon a successful authentication, the secure element sub-system will execute the firmware image to produce a control word or encryption key for the descrambler to decipher the encrypted data stream. The control word is transmitted to the descrambler through a physical link 442 that must be protected from hacking. Details of the firmware download from the external flash memory, the authentication process and the protection of the control word through obfuscation will be described in more detail below.
The descrambler deciphers the encrypted data stream and produces a clear data stream to a video and audio decoder 470 that is coupled to a display unit 475 for reproducing the video and audio content.
FIG. 5 illustrates a demodulator SOC 500 performing a firmware download operation from an external memory according to an embodiment of the present invention. Demodulator SOC 500 comprises a demodulator logic 510 and an integrated secure element 550. Demodulator logic 510 may include a tuner, a demodulator, a descrambler, a control CPU, a memory unit, and a host interface as shown in FIG. 2. The demodulator logic may include SOC infrastructure having one or more IO ports, a memory interface unit, and others. In an exemplary embodiment, the SOC infrastructure may include an interface unit 512 such as a USB, a peripheral computer interface (PCI), a SD (secure digital) interface, or a communication link for interfacing with an off-chip non-volatile memory 580. In a specific embodiment, interface unit 512 may establish a connection to the remote memory via a short distance physical connection by means of a USB connector, an SD connector, or the like. In another embodiment, the interface unit 512 may be coupled to the remote NVM memory 580 via a local area network, a personal area network (Bluetooth) or a wireless area network according to the IEEE802.11 standard or the like (the local, personal, or wireless area network is indicated as a cloud 570).
The integrated secure element includes a secure CPU 552 that together with a boot ROM 554 initiates the integrated secure element at power up. The secure element further includes a secure random access memory (S-RAM) 556, one or more hardware accelerators 558, one or more non-volatile memory (NVM) registers or fuses 560, and a slave demodulator interface circuit 562 that couples the integrated secure element 550 with the demodulator logic 510.
The secure element may include a firewall 564 that allows the secure CPU to initiate a connection to the remote memory 580 and download firmware (i.e., data files, executable applications) 582 from the remote memory to the secure S-RAM 556, but does not allow the remote memory to initiate a connection in the reverse direction.
After clearing the content of secure S-RAM 556, the demodulator SOC may initiate a download of firmware 582 from remote flash device 580. The download process can be performed by the demodulator CPU (D-CPU), which reads the firmware by means of the hardware master port and sends it to the secure S-RAM through slave port interface 562. However, this read-and-write of the CA firmware from the remote flash memory cannot be considered as secure because demodulator logic 510 and remote flash memory 580 are outside of the secure element boundary. Therefore, the downloaded firmware image in the secure S-RAM must be authenticated to protect the firmware image from modification. Once the firmware image download is complete, the secure element locks the slave interface and the firewall to prevent any subsequent access from the non-trusted demodulator interface and secure S-CPU 552 may start executing from boot ROM 554. It is noted that the demodulator logic cannot access secure element 550 through master-slave demodulator interface 562 once the security element is locked.
FIG. 6 is a diagram illustrating a firmware run-time authentication 600 using hardware facilities provided by the secure element according to an exemplary embodiment of the present invention. Firmware run-time authentication 600 is an exemplary embodiment providing an efficient way to mitigate the risk of running malicious code at run time. The firmware run-time authentication verifies and authenticates software within power cycles to protect against hardware intrusive attacks and fault injection. In an embodiment, the hardware facilities of the secure element write (program by burning or blowing fuses) a software checksum SWChecksum 608 to one or more of the NVM registers 628 during the boot process and write runtime configuration parameters to corresponding configuration registers of the secure element finite state machine 668, which controls the cryptographic hash function 612 and the comparator 618. Cryptographic hash function 612 produces a hash value HV18 from firmware 610 and compares (618) the hash value HV18 with the SWChecksum stored in one of the NVM registers 628. In the event that there is a match (indicated as “Yes”), the secure element continues its operation. In the event there is no match (indicated as “No”), i.e., the firmware may have been modified or compromised, the secure element disables the firmware execution. In some embodiments, the firmware run-time authentication can be triggered from different sources that may include, but are not limited to: 1) software driven by requesting an authentication through a control register in the security element; 2) hardware timer as a recurring event driven by a hardware counter set during the boot process; 3) when the secure S-CPU enters or exits a sleep period; or 4) when the secure S-CPU receives a wakeup request.
In an embodiment, the hash value of the decrypted firmware is stored in the boot certificate and is programmed into one of the NVM (one-time-programmable) registers in the secure element during the boot process so that it cannot be modified or altered. It is important to note that this process cannot be performed by the RAM-ware itself because the RAM-ware can be tampered with. Thus, the process has to be performed entirely in hardware or using code stored in ROM that cannot be modified. The SWChecksum written into a write-once memory register can be reset on power-on/off of the secure element. In addition, the secure element includes control parameters that define the source and recurrence of the run-time check.
In an embodiment, certificate 601 may include runtime configuration data 602 that is written into associated configuration registers 669 of the secure element. Configuration data 602 may configure or customize the finite state machine (FSM) so that the secure element operates in a manner that is desired by a vendor or a service provider. In this example embodiment, the secure element may start executing the firmware in the secure RAM upon a successful authentication. The execution of the firmware may include generating a control word and providing it securely to the demodulator for deciphering encrypted data streams.
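The download lock of FIG. 5 and the run-time check of FIG. 6, modelled in Python as an added example (not the patent's or any vendor's code). The class and method names, SHA-256 as the hash function, and the premise that the digest passed to boot() was already taken from an authenticated boot certificate are assumptions.

```python
import enum
import hashlib
import hmac


class Trigger(enum.Enum):
    """The four trigger sources listed for the run-time check."""
    SOFTWARE = "authentication requested through a control register"
    TIMER = "hardware counter set during boot expired"
    SLEEP = "secure S-CPU entering or exiting sleep"
    WAKEUP = "secure S-CPU received a wakeup request"


class WriteOnceRegister:
    """Models an NVM register that accepts one write per power cycle."""

    def __init__(self) -> None:
        self._value = None

    def write(self, value: bytes) -> None:
        if self._value is not None:
            raise PermissionError("register already written in this power cycle")
        self._value = bytes(value)

    def read(self) -> bytes:
        if self._value is None:
            raise RuntimeError("register not programmed")
        return self._value

    def reset(self) -> None:  # only reached through a power cycle
        self._value = None


class SecureElement:
    def __init__(self) -> None:
        self.sram = bytearray()
        self.sw_checksum = WriteOnceRegister()
        self.slave_locked = False
        self.execution_enabled = False
        self.log = []  # (trigger name, result) for each run-time check

    def power_cycle(self) -> None:
        self.sram = bytearray()  # S-RAM is cleared before a new download
        self.sw_checksum.reset()
        self.slave_locked = False
        self.execution_enabled = False

    def slave_write(self, image: bytes) -> None:
        """Untrusted path: the demodulator CPU pushes the image via the slave port."""
        if self.slave_locked:
            raise PermissionError("slave interface is locked")
        self.sram = bytearray(image)

    def boot(self, certified_digest: bytes) -> bool:
        """ROM-side step: lock the port, check the image, latch SWChecksum."""
        self.slave_locked = True  # lock first, so the image cannot change under us
        actual = hashlib.sha256(self.sram).digest()
        if not hmac.compare_digest(actual, certified_digest):
            return False
        self.sw_checksum.write(certified_digest)
        self.execution_enabled = True
        return True

    def runtime_check(self, trigger: Trigger) -> bool:
        """Re-hash the RAM-ware and compare it with the latched SWChecksum."""
        if not self.execution_enabled:
            return False
        actual = hashlib.sha256(self.sram).digest()
        ok = hmac.compare_digest(actual, self.sw_checksum.read())
        self.log.append((trigger.name, ok))
        if not ok:
            self.execution_enabled = False  # stays disabled until a power cycle
        return ok


if __name__ == "__main__":
    image = b"constructed RAM-ware image"  # constructed sample
    se = SecureElement()
    se.slave_write(image)
    print("boot:", se.boot(hashlib.sha256(image).digest()))
    print("timer check:", se.runtime_check(Trigger.TIMER))
    se.sram[0] ^= 0xFF  # stands in for a fault or tamper that alters the S-RAM
    print("wakeup check:", se.runtime_check(Trigger.WAKEUP))
```

Because the reference value sits in a write-once register and the comparison is not done by the RAM-ware, modified firmware cannot replace the value it is checked against.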
Embodiments of the present invention include a secure generation and distribution of a pair of encryption keys by a secured server. A first encryption key may be sent to a first recipient that uses the first encryption key to encipher (encrypt) a data file before distributing it to a target subscriber. The second encryption key is sent to a second recipient that may program the encryption key into a secure element during the manufacturing process. The secure element will use the stored key to decipher (decrypt) the encrypted data file received from the first recipient. The pair of encryption keys may be unique to the secure element. That is, each target subscriber may receive a secure element having a unique private key for deciphering the encrypted data file.
FIG. 7 is a block diagram illustrating a system and method for securely generating and distributing a pair of asymmetric keys according to an embodiment of the present invention. In an embodiment, the secure key distribution system includes a secured server 701 for generating and storing a pair of keys including a private key 702 and a public key 703. A key distribution unit 704 is coupled to secured server 701 and provides the private key to an original design manufacturer (ODM), an original equipment manufacturer (OEM), or a device manufacturer 710 and the public key to a firmware provider. The key distribution system in reference to FIG. 7 may be used by a service provider or a content provider that teams up with a device manufacturer, an ODM or an OEM to provide secure devices to target subscribers for accessing broadcast services and contents. The service provider also may team up with a conditional access (CA) firmware provider for creating firmware for the operation of the secure devices. In an embodiment, the service or content provider may operate the secured server 701 that is communicatively connected to the device manufacturer through a key distribution unit 704. In an embodiment, the communication between the device manufacturer and the key distribution unit is via a secure communication link 712. In an embodiment, the device manufacturer may send a request to the secured server for obtaining a private key. In reply to the request, the secured server may send the private key to the device manufacturer via the secure communication link 712. In an embodiment, the secure communication link 712 may be a secure sockets layer (SSL) link. In an embodiment, the key distribution unit 704 may perform functions associated with conventional communication systems such as authenticating the request by the user identity and the password and the like and management of the communication traffic between the secured server and the requester.
In another embodiment, the device manufacturer may operate the secured server to generate the private and public keys and provide the public key to the CA firmware provider via the key distribution unit.
In an embodiment, the firmware provider receives the public key sent by the key distribution unit and encrypts (724) a clear firmware 720 using the received public key to produce an encrypted firmware 726. In an embodiment, the clear firmware 720 may include a conditional access firmware for distributing to target subscribers. In an embodiment, the clear firmware 722 can be encrypted using the RSA algorithm. In an embodiment, the encrypted firmware 726 can be stored in a non-volatile memory device 780 for sending to target subscribers.
Still referring to FIG. 7, device manufacturer (ODM, OEM) 710 may produce a receiver system on a chip (SOC) as shown and described in FIG. 2, a demodulator SOC as shown and described in FIG. 3, or a demodulator shown and described in FIGS. 4 and 5. For the sake of brevity, only parts of the SOC that are used for the decryption of the encrypted firmware will be described below. SOC 750 may include a secure CPU 752 that is coupled to a boot ROM 754 and a secure random access memory (RAM) 756. SOC 750 also includes a non-volatile register which can be a one-time programmable array of fuses or a secure flash register for storing the received private key. It is noted that the programmed private key in the non-volatile register or the one-time programmable array of fuses is not accessible externally once programmed. Other precautions can be taken to hide or obfuscate the stored private key.
SOC 750 may include a decryption module 754 that can be a crypto-processor, hardware logic, or a dedicated deciphering hardware and software to decrypt the encrypted firmware 726 contained in the remote non-volatile memory 780. In an embodiment, the deciphering process (decryption module 754) decrypts the encrypted firmware using the RSA algorithm. The clear (i.e., decrypted) firmware is then stored in secure RAM 756. In an embodiment, the clear firmware is authenticated prior to being stored in the secure RAM or executed by CPU 752.
In an embodiment, the SOC may download the encrypted firmware 726 via a communication network 720 that is disposed between the firmware provider and the SOC 750. The communication network can be one of a local area network, a metropolitan area network, a wide area network, or a wireless or cellular network.
FIG. 8 is a flow diagram of an example method 800 of generating a pair of asymmetric keys and securely providing the keys to authorized recipients according to an embodiment of the present invention. This flow diagram is merely an example, which should not unduly limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. For example, one or more steps can be provided in a different sequence without departing from the scope of the claims herein. In step 802, a secured server generates a pair of asymmetric keys including a public key and a private key that are then provided to authorized recipients. It is appreciated that the public and private keys are unique for the authorized recipients and thus provide a robust binding mechanism between the authorized recipients. In step 804, a key distribution unit that is communicatively connected to the secured server sends the public key to a first recipient via a first communication link. In an embodiment, the first recipient may be a conditional access firmware vendor that uses the received public key to encrypt a firmware (step 808) prior to distributing it to target subscribers. In an embodiment, the encrypted firmware may be stored in a non-volatile memory device such as a CD-ROM or a flash memory device for distribution. In another embodiment, the first recipient may make the encrypted firmware accessible or downloadable via the Internet. In step 806, the key distribution unit sends the private key to a second recipient via a second communication link. The second recipient can be a device manufacturer, an ODM, or OEM that programs the received private key into a non-volatile register that can be a one-time programmable array of fuses or a secure flash register in a secure element of a system-on-a-chip demodulator or receiver.
At step 810, the second recipient programs the received private key in a secure element of the SOC demodulator or receiver. The programming may be performed by burning or blowing a number of fuses during the manufacturing process of the secure element in a preferred embodiment. At step 812, the secure element may download the encrypted firmware either from a remote non-volatile memory device or via the Internet from the first recipient. In step 814, the secure element deciphers the encrypted firmware using the private key contained in its one-time programmable fuse array.
It is to be understood that the above description is intended to be illustrative and not restrictive. Many embodiments will be apparent to those of skill in the art upon reviewing the above description. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the appended claims along with their full scope of equivalents.

Claims (18)

What is claimed is:
1. An encryption key distribution system comprising:
a secured server configured to generate at least one pair of keys including a first key and a second key;
a key distribution unit operably coupled to the secured server;
a first recipient configured to receive the first key through the key distribution unit and encrypt a data file using the first key; and
a second recipient configured to receive the second key through the key distribution unit and program a secure element;
wherein the secure element comprises:
at least one non-volatile register configured to store the second key;
a random access memory configured to store an image of the encrypted data file;
a read-only memory including a boot code; and
a processing unit coupled to the read-only memory and the random access memory and being operative to decrypt the image of the encrypted data file using the second key.
2. The encryption key distribution system of claim 1, wherein the first key and the second key are different.
3. The encryption key distribution system of claim 1, wherein the first recipient is a conditional access software provider and the second recipient is a original design manufacturer (ODM) or a original equipment manufacturer (OEM).
4. The encryption key distribution system of claim 1, wherein the second recipient is connected to the key distribution unit via a secure communication link.
5. The encryption key distribution system of claim 4, wherein the secure communication link is a secure sockets layer (SSL) link.
6. The encryption key distribution system of claim 1, wherein the second key is programmed into the at least one non-volatile register during a manufacturing process of the secure element.
7. The encryption key distribution system of claim 1, wherein the secured server is operated by a service provider.
8. The encryption key distribution system of claim 1, wherein the secure element receives the encrypted data file from the first recipient via the Internet.
9. The encryption key distribution system of claim 1, wherein the secure element receives the encrypted data file through an external non-volatile memory device.
10. An encryption key distribution method comprising:
generating, by a secured server, at least one pair of keys including a first key and a second key;
providing, by a key distribution unit, the first key to a first recipient,
encrypting a data file by the first recipient using the first key;
providing, by the key distribution unit, the second key to a second recipient; and
programming, by the second recipient, the second key in a secure element;
wherein the secure element comprising:
a non-volatile register configured to store the second key;
a random access memory configured to store an image of the encrypted data file;
a read-only memory including a boot code; and
a processing unit coupled to the read-only memory and the random access memory and being operative to decrypt the image of the encrypted data file.
11. The encryption key distribution method of claim 10, wherein the first key and the second key are different.
12. The encryption key distribution method of claim 10, wherein the first recipient is a conditional access software provider and the second recipient is a original design manufacturer (ODM) or a original equipment manufacturer (OEM).
13. The encryption key distribution method of claim 10, wherein the second recipient is connected to the key distribution unit via a secure communication link.
14. The encryption key distribution method of claim 13, wherein the secure communication link is a secure sockets layer (SSL) link.
15. The encryption key distribution method of claim 10, wherein the second key is programmed into the non-volatile register during a manufacturing process of the secure element.
16. The encryption key distribution method of claim 10, wherein the non-volatile register is an one-time programmable register comprises a plurality of fuses.
17. The encryption key distribution method of claim 10, wherein the secured server is operated by a service provider.
18. The encryption key distribution method of claim 10 further comprising sending the encrypted data file, by the first recipient, to the secure element via an external non-volatile memory device.
US13/205,578 2010-08-10 2011-08-08 Encryption keys distribution for conditional access software in TV receiver SOC Expired - Fee Related US8892855B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/205,578 US8892855B2 (en) 2010-08-10 2011-08-08 Encryption keys distribution for conditional access software in TV receiver SOC

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US37239010P 2010-08-10 2010-08-10
US13/205,578 US8892855B2 (en) 2010-08-10 2011-08-08 Encryption keys distribution for conditional access software in TV receiver SOC

Publications (2)

Publication Number Publication Date
US20120198224A1 US20120198224A1 (en) 2012-08-02
US8892855B2 true US8892855B2 (en) 2014-11-18

Family

ID=46578397

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/205,578 Expired - Fee Related US8892855B2 (en) 2010-08-10 2011-08-08 Encryption keys distribution for conditional access software in TV receiver SOC

Country Status (1)

Country Link
US (1) US8892855B2 (en)

Patent Citations (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6424717B1 (en) 1995-04-03 2002-07-23 Scientific-Atlanta, Inc. Encryption devices for use in a conditional access system
US20100020963A1 (en) 1999-03-30 2010-01-28 Sony Corporation Method and Apparatus for Descrambling Content
US20040044906A1 (en) 1999-04-06 2004-03-04 Paul England Secure execution of program code
US7506358B1 (en) 1999-12-09 2009-03-17 Cisco Technology, Inc. Method and apparatus supporting network communications through a firewall
US20090109487A1 (en) 2000-08-30 2009-04-30 Seiko Epson Corporation Printing Apparatus, Data Storage Medium, Interface Device, Printer Control Method, And Interface Control Method
US20080101604A1 (en) 2001-03-28 2008-05-01 Cryptography Research, Inc. Self-protecting digital content
US20040039911A1 (en) 2001-09-11 2004-02-26 Makoto Oka Content usage authority management system and management method
US20030079138A1 (en) 2001-10-19 2003-04-24 Nguyen Tom L. Content protection in non-volatile storage devices
US20040210796A1 (en) 2001-11-19 2004-10-21 Kenneth Largman Computer system capable of supporting a plurality of independent computing environments
US20080016349A1 (en) 2002-02-28 2008-01-17 The Directv Group, Inc. Hidden identification
US20030163713A1 (en) 2002-02-28 2003-08-28 Cocchi Ronald P. Asynchronous configuration
US20040025010A1 (en) 2002-07-30 2004-02-05 Texas Instruments Incorporated Computing platform certificate
US20070074045A1 (en) 2002-09-30 2007-03-29 Van Essen Brian C Method of securing programmable logic configuration data
US20040181303A1 (en) 2002-12-02 2004-09-16 Silverbrook Research Pty Ltd Relatively unique ID in integrated circuit
US6882729B2 (en) 2002-12-12 2005-04-19 Universal Electronics Inc. System and method for limiting access to data
US20050005138A1 (en) 2003-04-03 2005-01-06 Shoichi Awai Data service apparatus
US20050138397A1 (en) 2003-12-18 2005-06-23 Matsushita Electric Industrial Co., Ltd. Authenticated program execution method
US20070150734A1 (en) 2004-01-06 2007-06-28 Gervais John A Secure porting of information from one device to another
US20060015731A1 (en) 2004-06-30 2006-01-19 Nokia Corporation Method and apparatus to provide secure mobile file system
US20060117177A1 (en) 2004-11-29 2006-06-01 Buer Mark L Programmable security platform
US20060236113A1 (en) 2005-03-31 2006-10-19 Mitsuru Uzawa Information processing apparatus and method thereof
US7409570B2 (en) 2005-05-10 2008-08-05 Sony Computer Entertainment Inc. Multiprocessor system for decrypting and resuming execution of an executing program after transferring the program code between two processors via a shared main memory upon occurrence of predetermined condition
US20060259743A1 (en) 2005-05-10 2006-11-16 Masakazu Suzuoki Methods and apparatus for power management in a computing system
US20060272022A1 (en) 2005-05-31 2006-11-30 Dmitrii Loukianov Securely configuring a system
US20070180464A1 (en) 2005-07-29 2007-08-02 Stmicroelectronics Limited Method and system for restricting use of data in a circuit
US20070192610A1 (en) 2006-02-10 2007-08-16 Chun Dexter T Method and apparatus for securely booting from an external storage device
US20070294494A1 (en) 2006-06-16 2007-12-20 Texas Instruments Incorporated Page processing circuits, devices, methods and systems for secure demand paging and other operations
US20080005586A1 (en) 2006-06-27 2008-01-03 Peter Munguia Systems and techniques for datapath security in a system-on-a-chip device
US20080183992A1 (en) * 2006-12-05 2008-07-31 Don Martin Tape backup method
US8180735B2 (en) 2006-12-29 2012-05-15 Prodea Systems, Inc. Managed file backup and restore at remote storage locations through multi-services gateway at user premises
US20080267410A1 (en) 2007-02-28 2008-10-30 Broadcom Corporation Method for Authorizing and Authenticating Data
US20080219494A1 (en) 2007-03-08 2008-09-11 Xuemin Chen Method and System For Watermark Embedding in a Multimedia System-On -Chip
US20080235406A1 (en) 2007-03-23 2008-09-25 Universal Electronics Inc. System and method for upgrading the functionality of a controlling device in a secure manner
US20080240230A1 (en) 2007-03-29 2008-10-02 Horizon Semiconductors Ltd. Media processor with an integrated TV receiver
US20090049220A1 (en) 2007-05-10 2009-02-19 Texas Instruments Incorporated Interrupt-related circuits, systems, and processes
US20090144557A1 (en) 2007-07-26 2009-06-04 Hyblue, Inc. Recoverable secure data store system and method
US20090044233A1 (en) 2007-08-10 2009-02-12 At&T Knowledge Ventures, Lp System and Methods for Digital Video Recorder Backup and Recovery
US20090094597A1 (en) 2007-10-04 2009-04-09 Memory Experts International Inc. Portable firmware device
US20100014671A1 (en) * 2008-06-19 2010-01-21 General Instrument Corporation Secure interchip transport interface
US20100293614A1 (en) 2009-05-12 2010-11-18 Vilppola Kari M Method, Apparatus, and Computer Program for Providing Application Security
US20110138192A1 (en) * 2009-12-04 2011-06-09 Kocher Paul C Verifiable, Leak-Resistant Encryption and Decryption
US20120036372A1 (en) 2010-02-05 2012-02-09 Maxlinear, Inc. Conditional Access Integration in a SOC for Mobile TV Applications
US20120042157A1 (en) 2010-02-11 2012-02-16 Maxlinear, Inc. RAM Based Security Element for Embedded Applications
US20120060039A1 (en) 2010-03-05 2012-03-08 Maxlinear, Inc. Code Download and Firewall for Embedded Secure Application
US20120079287A1 (en) 2010-03-26 2012-03-29 Maxlinear, Inc. Firmware Authentication and Deciphering for Secure TV Receiver
US20120079279A1 (en) 2010-03-29 2012-03-29 Maxlinear, Inc. Generation of SW Encryption Key During Silicon Manufacturing Process
US20120079261A1 (en) 2010-03-30 2012-03-29 Maxlinear, Inc. Control Word Obfuscation in Secure TV Receiver

Non-Patent Citations (27)

* Cited by examiner, † Cited by third party
Title
Brusilovsky et al. "Password-Authenticated Diffie-Hellman Exchange (PAK)", downloaded from http://tools.ietf.org/html/draft-brusilovsky-pak-09, on Sep. 8, 2012, 13 pages.
Final Office Action for U.S. Appl. No. 13/021,178, mailed on May 23, 2013, 20 pages.
Final Office Action for U.S. Appl. No. 13/026,000, mailed on Mar. 14, 2014, 22 pages.
Final Office Action for U.S. Appl. No. 13/041,256, mailed on May 24, 2013, 37 pages.
Final Office Action for U.S. Appl. No. 13/072,069, mailed on Jul. 23, 2013, 20 pages.
International Preliminary Report on Patentability for PCT Application No. PCT/US2011/023749, mailed on Aug. 16, 2012, 9 pages.
International Preliminary Report on Patentability for PCT Application No. PCT/US2011/024543, mailed on Aug. 23, 2012, 8 pages.
International Preliminary Report on Patentability for PCT Application No. PCT/US2011/027299, mailed on Sep. 20, 2012, 7 pages.
International Preliminary Report on Patentability for PCT Application No. PCT/US2011/030033, mailed on Oct. 11, 2012, 8 pages.
International Preliminary Report on Patentability for PCT Application No. PCT/US2011/030378, mailed on Oct. 11, 2012, 7 pages.
International Preliminary Report on Patentability for PCT Application No. PCT/US2011/030581, mailed on Oct. 11, 2012, 6 pages.
International Search Report and Written Opinion corresponding to the PCT Application No. PCT/US2011/023749, date of mailing Apr. 6, 2011, 18 pages.
International Search Report and Written Opinion corresponding to the PCT Application No. PCT/US2011/024543, date of mailing Apr. 6, 2011, 17 pages.
International Search Report and Written Opinion corresponding to the PCT Application No. PCT/US2011/027299, date of mailing Oct. 27, 2011, 14 pages.
International Search Report and Written Opinion corresponding to the PCT Application No. PCT/US2011/030033, date of mailing Nov. 8, 2011, 14 pages.
International Search Report and Written Opinion corresponding to the PCT Application No. PCT/US2011/030378, date of mailing May 31, 2011, 13 pages.
International Search Report and Written Opinion corresponding to the PCT Application No. PCT/US2011/030581, date of mailing May 25, 2011, 8 pages.
Leach et al. "A Universally Unique Identifier (UUID) URN Namespace", downloaded from http://www.ietf.org/rfe/rfe4122.txt, on Sep. 8, 2012, 30 pages.
Non-Final Office Action for U.S. Appl. No. 13/021,178, mailed on Sep. 17, 2012, 28 pages.
Non-Final Office Action for U.S. Appl. No. 13/026,000, mailed on Dec. 26, 2012, 26 pages.
Non-Final Office Action for U.S. Appl. No. 13/026,000, mailed on Jul. 30, 2013, 24 pages.
Non-Final Office Action for U.S. Appl. No. 13/041,256, mailed on May 7, 2014, 29 pages.
Non-Final Office Action for U.S. Appl. No. 13/041,256, mailed on Sep. 14, 2012, 33 pages.
Non-Final Office Action for U.S. Appl. No. 13/072,069, mailed on Nov. 28, 2012, 22 pages.
Non-Final Office Action for U.S. Appl. No. 13/075,038, mailed on Feb. 3, 2014, 23 pages.
Non-Final Office Action for U.S. Appl. No. 13/076,172, mailed on Nov. 7, 2013, 20 pages.
Notice of Allowance for U.S. Appl. No. 13/076,172, mailed on May 29, 2014, 7 pages.

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI782147B (en) * 2017-12-22 2022-11-01 瑞士商納格維遜股份有限公司 A secure software-defined radio chip
US11463263B2 (en) * 2019-03-25 2022-10-04 Micron Technology, Inc. Secure emergency vehicular communication
US20230026215A1 (en) * 2019-03-25 2023-01-26 Micron Technology, Inc. Secure emergency vehicular communication
US11863688B2 (en) * 2019-03-25 2024-01-02 Micron Technology, Inc. Secure emergency vehicular communication

Also Published As

Publication number Publication date
US20120198224A1 (en) 2012-08-02

Similar Documents

Publication Publication Date Title
US8892855B2 (en) Encryption keys distribution for conditional access software in TV receiver SOC
US9177152B2 (en) Firmware authentication and deciphering for secure TV receiver
US20120060039A1 (en) Code Download and Firewall for Embedded Secure Application
US8935520B2 (en) Control word obfuscation in secure TV receiver
US20120079279A1 (en) Generation of SW Encryption Key During Silicon Manufacturing Process
US9219936B2 (en) Conditional access integration in a SOC for mobile TV applications
US20120042157A1 (en) RAM Based Security Element for Embedded Applications
US20060272022A1 (en) Securely configuring a system
US8949595B2 (en) Mutual authentication apparatus and method in downloadable conditional access system
US9479825B2 (en) Terminal based on conditional access technology
US8528102B2 (en) Method and system for protection of customer secrets in a secure reprogrammable system
US20090150681A1 (en) Secure Software Download
US11250170B2 (en) Secure activation of client receiver by host receiver smart card
JP5933705B2 (en) Receiver software protection
US20190222878A1 (en) System and method for managing in-field deployment of multiple conditional access and watermarking systems
WO2009094851A1 (en) Digital tv conditional access system and related handling procedure
JP6350548B2 (en) Receiving apparatus and receiving method
US10521564B2 (en) Operating a device for forwarding protected content to a client unit
KR101280740B1 (en) Method to secure access to audio/video content in a decoding unit
KR101282416B1 (en) DCAS, SM, TP and method for certificating security
KR20110066826A (en) Method for downloading conditional access system/digital right management by using trusted platform module
KR100844846B1 (en) Method for secure booting in IP-TV end system
KR100950596B1 (en) Broadcasting receiving apparatus based on downloadable conditional access system and method for reinforcing security thereof

Legal Events

Date Code Title Description
AS Assignment

Owner name: MAXLINEAR, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LECLERCQ, MAXIME;REEL/FRAME:026923/0668

Effective date: 20110822

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: PAT HOLDER NO LONGER CLAIMS SMALL ENTITY STATUS, ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: STOL); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT, ILLINOIS

Free format text: SECURITY AGREEMENT;ASSIGNORS:MAXLINEAR, INC.;ENTROPIC COMMUNICATIONS, LLC (F/K/A ENTROPIC COMMUNICATIONS, INC.);EXAR CORPORATION;REEL/FRAME:042453/0001

Effective date: 20170512

FEPP Fee payment procedure

Free format text: SURCHARGE FOR LATE PAYMENT, LARGE ENTITY (ORIGINAL EVENT CODE: M1554)

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551)

Year of fee payment: 4

AS Assignment

Owner name: MAXLINEAR, INC., CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046704/0473

Effective date: 20180803

Owner name: ENTROPIC COMMUNICATIONS, LLC (F/K/A ENTROPIC COMMU

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046704/0473

Effective date: 20180803

Owner name: EXAR CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046704/0473

Effective date: 20180803

AS Assignment

Owner name: EXAR CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046737/0594

Effective date: 20180807

Owner name: MAXLINEAR, INC., CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046737/0594

Effective date: 20180807

Owner name: ENTROPIC COMMUNICATIONS, LLC (F/K/A ENTROPIC COMMU

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046737/0594

Effective date: 20180807

AS Assignment

Owner name: RADIOXIO, LLC, MINNESOTA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MAXLINEAR, INC.;REEL/FRAME:047264/0199

Effective date: 20180803

AS Assignment

Owner name: MUFG UNION BANK, N.A., CALIFORNIA

Free format text: SUCCESSION OF AGENCY (REEL 042453 / FRAME 0001);ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:053115/0842

Effective date: 20200701

AS Assignment

Owner name: MAXLINEAR, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MUFG UNION BANK, N.A.;REEL/FRAME:056656/0204

Effective date: 20210623

Owner name: EXAR CORPORATION, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MUFG UNION BANK, N.A.;REEL/FRAME:056656/0204

Effective date: 20210623

Owner name: MAXLINEAR COMMUNICATIONS LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:MUFG UNION BANK, N.A.;REEL/FRAME:056656/0204

Effective date: 20210623

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20221118